In 2021, the number of digital shoppers in the world was 2.14 billion. The
global damage caused by cybercrime in 2021 reached $16.4 billion per day, $684.9
million per hour, $11 million per minute, and $190,000 per second (Cybercrime
Magazine). Each year, this number grows, and since many of us are spending more
time than ever shopping online, we’ve compiled some basic online shopping
guidelines that may help you avoid fraudulent sites and purchase items safely.
There are several scam sites on the internet, so choose carefully where you shop. It’s
a good idea to research online retailers to see if they are legitimate or not. Read
feedback from people or organizations you trust, such as consumer sites or reviews
and comments.
Check the website’s privacy policy. Trustworthy organizations will have information
on their websites about how they handle your personal information (which should
only be used to process your order and should not be shared with third parties).
Watch out for bad grammar and spelling. Occasionally, typos may appear on the site,
but an excessive number of errors may mean that you are not on a legitimate
website.
Walk away if it’s too good to be true
Although it’s common practice for some retailers to give big discounts on
merchandise, if it’s too good to be true, then it’s probably not true.
Be especially careful with commercial offers that appear as “pop-up ads” in
another browser window or otherwise arrive unsolicited. Some emails or texts you
receive about amazing offers may contain links to fake websites, so always keep an
eye out for domain name changes. Scammers tend to create similar domain
names to trick users into thinking they are on a legitimate site, such as Yah00.com
(instead of Yahoo.com). If you’re not sure, don’t use the link and either:
Type the address of a website you trust directly into the address bar, or
Search for it and follow the search results.
Also, if you are suspicious of a site or link, you can check it, for example, on a
website where links are checked online by known antivirus programs, or on
Google’s Transparency website.
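The look-alike domain check described above (Yah00.com versus Yahoo.com), as an added Python example that is not part of the original article. The trusted list, the substitution table and the function names are assumptions made for the illustration.

```python
from urllib.parse import urlsplit

# Assumed allow-list of sites the shopper already trusts (constructed sample).
TRUSTED = {"yahoo.com", "paypal.com", "amazon.com"}

# Common look-alike substitutions, mapped back to the letter they imitate.
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s"))


def hostname(link):
    """Return the lower-cased host of a link, without a leading 'www.'."""
    if "//" not in link:
        link = "//" + link  # let urlsplit treat a bare domain as a host
    host = (urlsplit(link).hostname or "").rstrip(".")
    return host[4:] if host.startswith("www.") else host


def skeleton(host):
    """Undo look-alike substitutions so yah00.com and yahoo.com compare equal."""
    for fake, real in CONFUSABLES:
        host = host.replace(fake, real)
    return host


def edit_distance(a, b):
    """Levenshtein distance, used to catch one-character typos."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_link(link):
    """Classify a link as 'trusted', 'lookalike of <domain>' or 'unknown'."""
    host = hostname(link)
    if host in TRUSTED or any(host.endswith("." + t) for t in TRUSTED):
        return "trusted"
    # Simplification: treat the last two labels as the registered domain
    # (a real tool would consult the public suffix list).
    base = ".".join(host.split(".")[-2:])
    for good in sorted(TRUSTED):
        if skeleton(base) == skeleton(good) or edit_distance(base, good) == 1:
            return "lookalike of " + good
    return "unknown"
```

A result of "unknown" only means the name does not resemble anything on the trusted list; it says nothing about whether the site itself is safe.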
Check the contact page
Browse the options for contacting the company. If you don’t see multiple options
(phone, email, live chat, or physical address), proceed with caution.
Use a credit card for online payments
When shopping online, use a credit card if you have one. Most major credit card
providers protect online purchases and are obligated to refund you in certain
circumstances, but make sure you know the terms and conditions of your card
provider. Using a credit card (rather than a debit card) also means that if your
payment details are stolen, your main bank account will not be directly affected.
Also consider using an online payment platform such as PayPal, Apple Pay or
Google Pay. Using these platforms to authorize your payments means the retailer
won’t even see your payment details. Platforms like PayPal also provide their own
dispute resolution, and fairly strong customer protection should something go wrong.
However, they may not provide the same protection as a card provider, so as with a
card provider, check their terms and conditions before signing up.
When it’s time to pay for your items, check for the “padlock” icon in your browser
address bar.
The padlock icon does not guarantee that the seller itself is legitimate/renowned (or
that its website is secure). It means that the connection is secure.
If the padlock icon is not there or the browser says it is not secure, then do not use
the site.
Do not enter any personal or payment information or create an account.
Enter only enough details to complete the purchase
When making a purchase, you should only fill in the mandatory details on the site.
These are usually marked with an asterisk (*) and usually include your delivery
address and payment details. You should not enter security details (such as your
mother’s maiden name or your pet’s name) to complete the purchase.
If possible, do not create an online store account when making a payment. You can
usually complete your purchase without creating an account. If you think you’ll
become a regular customer of a store, you can create an account later when it
becomes a trusted vendor for you, but unless it’s vital to you, it’s always safer to have
as few online accounts as possible.
The store may also ask if it can store your payment details for faster payment the
next time you shop with it. If you aren’t using the site regularly, don’t let it.
In fact, we recommend that you never allow it.
Finally, do not pay by direct bank transfer.
Keep your accounts safe
Avoid using the same passwords for your online accounts. Similarly, do not use
short, familiar, or easily guessed passwords. Hackers could steal your password from
one account and use it to access your other accounts. Passwords like “password”,
“123456”, or “batman” won’t give you a superpower. Only use long, complex passwords
made up of at least three different words combined with special characters and
numbers. Make sure your really important accounts (like your email account, social
media accounts, bank accounts, shopping accounts, and payment accounts like
PayPal) are protected with strong passwords that you don’t use anywhere else.
Google research found that 52% of passwords are reused across accounts.
Data from FIDO shows that passwords are the root cause of more than 80% of
account hacks.
The problem is that most of us have lots of online accounts, so creating strong
passwords for all of them (and remembering them) is hard. A “password manager”
can help you do this, but again, only choose from verified providers.
We strongly recommend protecting your online credentials from hackers by turning
on “two-step verification” (2SV). Also referred to as “two-factor authentication” (2FA)
or “multi-factor authentication” (MFA), turning on 2SV will prevent hackers from
accessing your accounts even if they know your password. This works by asking you
to confirm in a second way that it is indeed you when you enter your login
credentials, usually by entering a code that is sent to your phone or generated by
an app called an authenticator.
Watch out for suspicious emails, text messages, and websites
You will likely receive many email messages from online stores as a result of
subscribing to their newsletters. These newsletters may include fake messages
(containing links designed to steal your money and personal information), which can
be very difficult to detect.
Of course, not all messages are malicious, but if you find something wrong, report it
to the authorities.
If you think your credit or debit card has been used by someone else, let your bank
know right away so they can block anyone from using it. Always contact your bank using
their official website or phone number. Don’t use links or contact details from a
message that has been sent to you or that were given to you over the phone.
If you follow these rules, the chances of identity theft or losing your money will be
greatly reduced. Of course, there is always some risk, because just as technology
and strategies to protect against attackers are growing and improving rapidly,
hackers are figuring out how to adapt to new security conditions and learning quickly
how to get around them.
Sources: NCSC, TriglavSec, CyberCrime Magazine
